3. Install Lighttpd
We need to install lighttpd because Nginx does not come with a FastCGI package, and there isn’t a standalone package yet. So we are going to install Lighttpd, disable it, and use spawn-fcgi from the Lighttpd package.

4. Setup spawn-fcgi
Since we are going to use spawn-fcgi to handle PHP, we need to set it up to start when our server starts and make an init script so that we can control the processes. For starters, create the init script:

In this file, you can change the FCGI_PORT, PHP_FCGI_CHILDREN, and PHP_FCGI_MAX_REQUESTS. If you change the port, make sure to note what you change it to because we will need it for later. Now, we want to make sure that spawn-fcgi starts when the server starts:

update-rc.d php-fastcgi defaults
/etc/init.d/php-fastcgi restart

5. Install Nginx

apt-get install nginx

6. Configure Nginx and your default vhost
For help with configuring Nginx beyond just the default configuration, please refer to the Nginx Wiki. We are now going to configure the default vhost so that we can verify that PHP is working with Nginx.

What we did here was changed the server_name to accept all incoming requests, uncommented the location stanza and defined where Nginx needs to look for spawn-fcgi. If you changed the port above in the /etc/default/php-fastcgi file, then you need to change the port on the fastcgi_pass line as well. On the line fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;, you need to change /var/ww/nginx-default to match your web root. On the line include fastcgi_params; you need to add a space between the include and the fastcgi_params as there is a bug in the default configuration and that space was omitted. Once you save the default-vhost, you need to restart Nginx.

/etc/init.d/nginx restart

Now we will create an info.php file in your web root:

nano /var/www/nginx-default/info.php

Add the following code and save the file:

<? phpinfo(); ?>

Now in your web browser, pull up the newly created file (http://your-ip/info.php). You should see information about the version of PHP that you are running.

Note: When I installed Nginx, it did not start automatically, however it was setup to start when the server booted. I have heard stories of users having issues with Nginx starting automatically when the server boots. If Nginx does not start when you boot your server, run the following command which will make it start on boot:

May 16, 2009

One of the greatest tools I have found to secure the server from brute force attacks and keep your server out of the reach of hackers is DenyHosts.
What DenyHosts does is very simple , but very effective , it processes auth.log ( in Debian based distros ) or secure.log ( in Redhat based distros ) and finds unsuccessful login attempts through ssh and blocks the attacker through /etc/hosts.deny file.
also it has a central server which can synchronize all DenyHosts instances around the world , so if there is an attacker detected in US , it will be blocked in all of the world very fast ! but this option needs to be enabled in config file.
DenyHosts is an open source project and is available to download at sourceforge : http://denyhosts.sourceforge.net

As my favorite distro is Debian , I guide you how to install and use it on Debian. but steps are almost the same on CentOs.
DenyHosts is available through Debian repos so you can simply install it by :

apt-get install denyhosts

then you need to configure it , configuration file is located at /etc/denyhosts.conf
I suggest you to read the whole file and understand it , it worth’s the time. but in case you need a good working configuration, you can use mine :

Don’t Forget to set ADMIN_EMAIL and SMTP_FROM to your own emails.
One of the important steps that you should do is to add your own IP address to white list so it doesn’t get blocked.
to do this , open /var/lib/denyhosts/allowed-hosts file and enter your own IP in it.
if you have forgotten to do this and now you are blocked from server , you need to connect to server from another IP address and do the following steps :

1.Stop DenyHosts :

/etc/init.d/denyhosts stop

2.Remove the IP address from /etc/hosts.deny
3.Also you need to remove your IP address from any file located in /var/lib/denyhosts , first look which files contain your IP :

grep Your_IP *

The remove the IP from files using your favorite editor or method 😉

Edit : I have found a great solution to delete your IP from all files all at once.